Dynamic Routing on the Cisco ASA

Because the Cisco ASA functions like a router in routed mode, it can also perform dynamic routing using RIP, EIGRP and OSPF. This lab discusses and demonstrates the configuration and verification of dynamic routing on the Cisco ASA platform.

Core Knowledge and Real World Scenarios

Configuring a Cisco ASA to do dynamic routing can be extremely beneficial. Configuring multiple static routes in any given network can raise the administrative overhead for network management. In an ideal network you would want everything to just “automagically” work.

The Cisco ASA supports EIGRP, RIP and OSPF as dynamic routing protocols. The full protocol stacks are supported; however, the Cisco ASA is unable to use route-maps, so any functionality you would gain from route-maps on a Cisco IOS router is lost on the ASA software.

The configuration of the dynamic routing protocols is nearly the same as on a Cisco IOS router. Entering the router protocol # command in global configuration mode, where # is the AS or process number, places you into router configuration mode.

One of the major differences is that you do NOT use wildcard masks in router configuration mode on the Cisco ASA. Doing so will result in the network becoming 0.0.0.0/0, making all interfaces participate in the routing process.

When configuring EIGRP or OSPF, you must specify the interface network ID along with the subnet mask, e.g. network 10.1.1.0 255.255.255.0 area 0
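The wildcard-mask pitfall described above can be checked for offline in a saved configuration. The following Python script is an added example, not part of the original workbook: it flags network statements inside router rip/eigrp/ospf stanzas whose mask is not a contiguous subnet mask. The sample configuration and the names audit and is_subnet_mask are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample ASA configuration (not taken from the lab's initial configs).
SAMPLE_CONFIG = """\
router ospf 1
 network 10.1.1.0 255.255.255.0 area 0
 network 10.2.2.0 0.0.0.255 area 0
!
router eigrp 100
 network 192.168.1.0 255.255.255.0
 network 172.16.0.0 0.0.255.255
!
"""

ROUTER_RE = re.compile(r"^router\s+(rip|eigrp|ospf)\b")
NETWORK_RE = re.compile(r"^\s+network\s+(\S+)\s+(\S+)")


def is_subnet_mask(mask: str) -> bool:
    """True if mask is contiguous ones followed by zeros (a real subnet mask)."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    # The inverted mask must look like 0...01...1, i.e. be one less than a power of two.
    return inverted & (inverted + 1) == 0


def audit(config: str):
    """Return (line number, protocol, network, mask) for each wildcard-style mask."""
    findings = []
    protocol = None
    for lineno, line in enumerate(config.splitlines(), 1):
        header = ROUTER_RE.match(line)
        if header:
            protocol = header.group(1)
            continue
        if not line.startswith(" "):
            protocol = None  # an unindented line ends the router stanza
            continue
        stmt = NETWORK_RE.match(line)
        if protocol and stmt:
            network, mask = stmt.groups()
            try:
                if not is_subnet_mask(mask):
                    findings.append((lineno, protocol, network, mask))
            except ipaddress.AddressValueError:
                continue  # second token is not a dotted-quad mask
    return findings


if __name__ == "__main__":
    for lineno, protocol, network, mask in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: router {protocol}: network {network} {mask} is not a subnet mask")
```

Any finding means the statement should be rewritten with the subnet mask before the configuration is applied, since the page states the ASA would otherwise enable the routing process on every interface.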

The ASA supports EIGRP Stub Areas and OSPF Stub Areas, along with OSPF area summarization.

The Routing Information Protocol is also supported, in both RIPv1 and RIPv2.

The verification commands are slightly different from Cisco IOS. When verifying OSPF neighbors on a Cisco ASA you would use the show ospf neighbors command instead of the show ip ospf neighbors command. This same concept applies to RIP and EIGRP.

Familiarize yourself with the following command(s):

Command
    Description

router rip
    This command, when executed in global configuration mode, starts the RIP process on the Cisco ASA. Networks are added to the process with the network x.x.x.x y.y.y.y command, where x.x.x.x is the subnet ID and y.y.y.y is the subnet mask.

show rip database
    This command, when executed in privileged mode, displays the contents of the RIP database.

router eigrp #
    This command, when executed in global configuration mode, starts the EIGRP routing process; # is the Autonomous System number. Auto Summary is disabled by default, and network statements are added via network x.x.x.x y.y.y.y, where x.x.x.x is the subnet ID and y.y.y.y is the subnet mask.

show eigrp topology
    This command, when executed in privileged mode, displays the contents of the EIGRP topology table.

router ospf #
    This command, when executed in global configuration mode, starts the OSPF routing process; # is the OSPF Process ID. Interfaces are added to the process via the network x.x.x.x y.y.y.y area # command, where x.x.x.x is the subnet ID and y.y.y.y is the subnet mask, followed by the Area number.

show ospf database
    This command, when executed in privileged mode, displays the contents of the OSPF database.

Lab Logical Topology

The following logical topology is used in all labs found throughout Section 7 of the CCNA Security Workbook: